New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
releng: Update debian-base and debian-iptables to buster-v1.6.0 to patch base image CVEs #100976
Conversation
Welcome @jindijamie! |
Hi @jindijamie. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
build/dependencies.yaml
Outdated
@@ -132,7 +132,7 @@ dependencies: | |||
|
|||
# Base images | |||
- name: "k8s.gcr.io/debian-base: dependents" | |||
version: buster-v1.4.0 | |||
version: buster-v1.5.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we've actually just built a new one last week, debian-base is up to buster-v1.6.0 now.
/ok-to-test Thanks for putting this together Di |
/remove-sig api-machinery |
/test |
@jindijamie: The
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
Thanks for this update, @jindijamie! |
For For |
@jindijamie can you please document which CVE(s) you had in mind in the PR body? thanks! /approve |
/approve for etcd image |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dims, jindijamie, jpbetz, justaugustus The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold please remove hold when this is ready @justaugustus |
|
/hold cancel |
…100976-upstream-release-1.21 Automated cherry pick of #100976: releng: Update debian-base and debian-iptables to buster-v1.6.0 to patch base image CVEs
What type of PR is this?
/kind feature
What this PR does / why we need it:
debian-base to buster-v1.6.0
debian-iptables to buster-v1.6.0
Which issue(s) this PR fixes:
Fixes a bunch of CVEs
Debian-iptables buster-v1.5.0
Medium CVE-2021-23840
Medium CVE-2021-23841
Low CVE-2019-1551
Low CVE-2021-3449
Low CVE-2021-24032
Low CVE-2021-24031
Debian-base buster-v1.4.0
Low CVE-2021-24031
Low CVE-2021-24032
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: